Vulnerabilities > CVE-2022-38752 - Out-of-bounds Write vulnerability in Snakeyaml Project Snakeyaml

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
snakeyaml-project
CWE-787

Summary

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.

Common Weakness Enumeration (CWE)